But there's really no point in replacing a character by the same character (or did the board "eat" a \ here?)
There are also other characters that should be "treated". I suggest using mysql_real_escape_string.
[56K WARN]sql UPDATE not working on localhost
- RobertGonzalez
- Site Administrator
+1 volka. Using mysql_real_escape_string() is a lot safer and less resource intensive than str_replace. And besides, the replace you are doing is quite literally replacing a character with its exact same character. And there is no need to turn magic quotes on. In fact, it is better for you to leave it off.
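Added example, not part of the thread: an UPDATE built by pasting a value into the SQL string, echoed before it runs as suggested in the thread, next to the same UPDATE with the value escaped by the database driver. It assumes PDO with an in-memory SQLite database and PDO::quote() as stand-ins for the thread's MySQL connection and mysql_real_escape_string(), so it runs without a server; the table, column and sample value are constructed.

```php
<?php
// Added illustration; table, column and sample value are constructed.
// In-memory SQLite via PDO stands in for the thread's MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'old title')");

$title = "Bob's page";   // constructed input containing a single quote

// 1) Value pasted into the SQL string as-is. Echoing the query shows
//    that the quote inside the value ends the string literal early.
$sql = "UPDATE pages SET title = '$title' WHERE id = 1";
echo "raw:     $sql\n";
try {
    $db->exec($sql);
    echo "         ok\n";
} catch (PDOException $e) {
    echo "         failed: ", $e->getMessage(), "\n";
}

// 2) Value escaped and quoted by the driver (stand-in for
//    mysql_real_escape_string() plus the surrounding quotes).
$sql = "UPDATE pages SET title = " . $db->quote($title) . " WHERE id = 1";
echo "escaped: $sql\n";
$rows = $db->exec($sql);
echo "         rows updated: $rows\n";

// 3) Read the row back: the stored title is the original input,
//    single quote included.
$stored = $db->query("SELECT title FROM pages WHERE id = 1")->fetchColumn();
echo "stored:  $stored\n";
```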
- invisibled
- Forum Contributor
You're assuming you know more than us. I would do as Pickle said and echo your queries. I can see right off the bat what the problem could be, without speculating.
invisibled wrote: I already said I haven't finished the script, it's going to be replacing single quotes with hardcoded quotes but that has nothing to do with anything.
- invisibled
- Forum Contributor
Let's assume you're not wrong, then your script is missing something, see http://de3.php.net/security.database.sql-injection
invisibled wrote: I am telling you about it and you're telling me I'm wrong, when I'm not, and getting completely off topic with that whole single quote thing lol.
- RobertGonzalez
- Site Administrator